Weaknesses of type CWE-918

2,203 results
CVE-2026-11989MEDIUMBit integrations <= 2.8.7 - Unauthenticated Server-Side Request Forgery via Form Field Upload MappingEPSS 0.3%CVE-2023-46641MEDIUMWordPress 12 Step Meeting List Plugin <= 3.14.24 is vulnerable to Server Side Request Forgery (SSRF)EPSS 0.3%CVE-2025-10760MEDIUMHarness lookup_repo.go LookupRepo server-side request forgeryEPSS 0.3%CVE-2024-40625MEDIUMGeoServer Coverage REST API Allows Server Side Request ForgeryEPSS 0.3%CVE-2025-14518MEDIUMPowerJob Network Request PingPongUtils.java checkConnectivity server-side request forgeryEPSS 0.3%CVE-2025-31796MEDIUMWordPress ElementsCSS Addons for Elementor plugin <= 1.0.8.9 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2025-27232MEDIUMFrontend arbitrary file read in oauth.authorize actionEPSS 0.3%CVE-2025-31824MEDIUMWordPress WP Optin Wheel Plugin <= 1.4.7 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2025-40595HIGHA Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded UREPSS 0.3%CVE-2025-24703MEDIUMWordPress Comment Edit Core – Simple Comment Editing Plugin <= 3.0.33 - Server Side Request Forgery (SSRF) vulnerabilityEPSS 0.3%CVE-2025-9269MEDIUMServer-Side Request Forgery (SSRF) vulnerability found in embedded web serverEPSS 0.3%CVE-2025-29456MEDIUMAn issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the crEPSS 0.3%CVE-2025-7759MEDIUMthinkgem JeeSite UEditor Image Grabber ActionEnter.java server-side request forgeryEPSS 0.3%CVE-2025-29449MEDIUMAn issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function.EPSS 0.3%CVE-2025-29454MEDIUMAn issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the UpEPSS 0.3%CVE-2026-34076HIGHClerk JavaScript: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended hostEPSS 0.3%CVE-2025-29450MEDIUMAn issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component.EPSS 0.3%CVE-2024-39598MEDIUM[Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)EPSS 0.3%CVE-2025-8020HIGHAll versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname EPSS 0.3%CVE-2025-29453MEDIUMAn issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the myEPSS 0.3%